Chal2 – Easy Unpack Challenge

Posted: January 26, 2016 in Chal2. Easy Unpack Challenge

Load Easy_UnpackMe to OllyDBG, scroll down to find JMP instruction:


Figure 1

Set BP at 0040A1FB - E9 506FFFFF     jmp     Easy_Unp.00401150, press F9 to run. Stop at BP, press F8 to trace over, we get the OEP is 0x00401150:


Figure 2

Anotherway to find OEP is to set BP at GetVersion API:


Figure 3



